Kevin_Gough
asked on
How do i setup 2 domain servers within the same LAN
Hi.
I have a windows 2000 server, with a domain name of "company One"
This has our exchange server on it, aswell as domain, dhcp etc.
We are planning on changing our domain name to "company two" I have purchased another server, and configured this as "domain two" with exchange server on it.
I would now like to connect this to our existing network, so that i can port the users across one by one, rather than all in one go over a weekend possibly.!
My issue is, how do i go about this.?
As essentially i will have 2 identical servers (albeit with different domain names) on the same LAN. Same DHCP address pool etc.
Please let me know if you require any further information.
Thank you
Kevin Gough
I have a windows 2000 server, with a domain name of "company One"
This has our exchange server on it, aswell as domain, dhcp etc.
We are planning on changing our domain name to "company two" I have purchased another server, and configured this as "domain two" with exchange server on it.
I would now like to connect this to our existing network, so that i can port the users across one by one, rather than all in one go over a weekend possibly.!
My issue is, how do i go about this.?
As essentially i will have 2 identical servers (albeit with different domain names) on the same LAN. Same DHCP address pool etc.
Please let me know if you require any further information.
Thank you
Kevin Gough
ASKER
Right at the moment we have essentially 2 domains.
"Domain 1" is a windows 2000 server "Domain 2" is a windows 2003 server.
I will put them both on the same LAN, but they will both have a copy of windows exchange server 2003, and will both for a while want to operate as the exchange server.
How do i get around this.? Until i update all the users to the new domain.?
"Domain 1" is a windows 2000 server "Domain 2" is a windows 2003 server.
I will put them both on the same LAN, but they will both have a copy of windows exchange server 2003, and will both for a while want to operate as the exchange server.
How do i get around this.? Until i update all the users to the new domain.?
Here is a link and step by step for adding a W2K3 server to a W2K domain:
What do I need to do to prepare my Windows 2000 forest for the installation of the first Windows Server 2003 DC?
You are going to need to migrate your Exchange over to the new box... once this is done, make sure that your new server holds the FSMO roles... here is a link to the moving these roles:
http://support.microsoft.com/default.aspx?kbid=324801&product=winsvr2003
Here is a link to the migration process:
Step-by-Step: Migrating Exchange 2000 to Exchange 2003 Using New Hardware
http://www.msexchange.org/tutorials/Migrating-Exchange2000-Exchange-2003-Hardware.html
What do I need to do to prepare my Windows 2000 forest for the installation of the first Windows Server 2003 DC?
You are going to need to migrate your Exchange over to the new box... once this is done, make sure that your new server holds the FSMO roles... here is a link to the moving these roles:
http://support.microsoft.com/default.aspx?kbid=324801&product=winsvr2003
Here is a link to the migration process:
Step-by-Step: Migrating Exchange 2000 to Exchange 2003 Using New Hardware
http://www.msexchange.org/tutorials/Migrating-Exchange2000-Exchange-2003-Hardware.html
Hmm.. forgot to paste that link! :)
What do I need to do to prepare my Windows 2000 forest for the installation of the first Windows Server 2003 DC?
http://www.petri.co.il/windows_2003_adprep.htm
What do I need to do to prepare my Windows 2000 forest for the installation of the first Windows Server 2003 DC?
http://www.petri.co.il/windows_2003_adprep.htm
Kevin,
First question - are these two domains in separate forests?
My understanding of the links that you've been provided with:
1. You've got two domains and two separate forests on the same LAN
2. You're not integrating the Win2K3 server into the existing domain. So the petri.co.il link isn't going to help.
3. You're not integrating the Win2K3 server into the existing domain or forest, so you won't be able to transfer the FSMOs.
4. I'm not sure the step-by-step migration guide is going to help you either as you've got two different forests here.
If my first point, by the way, is incorrect, then the step-by-step link that Fatal_Exception gave you is going to probably be what you need. If my assumption is correct, however, here are my thoughts:
In essence, by having two different forests, etc. you've inadvertantly created the most difficult of all Exchange and Active Directory migrations: the Forest to Forest migration path. The possible exception to this is the Exchange 5.5 to Exchange 2003 upgrade. I've done both and here's my advice:
1. Upgrade the existing server to Windows 2003 and Exchange 2003.
2. Change the name of the domain to the new domain name.
3. Install the new server as a member of the existing domain, promote it and then install Exchange 2003 as a server in the existing forest/organization.
4. Use Active Directory Users & Computers to move all the mailboxes to the new server.
5. Set your DHCP lease duration to 1 hour
6. Wait 1 hour
7. Decomission the DHCP scope on the existing server
8. Set up the DHCP scope on the new server exactly the same way
9. Wait 1 hour
10. Increase the DHCP scope on the new server to 8 days
11. Make sure DNS is on both and replicating.
12. Remove Exchange from the existing server.
Trust me. This is *FAR* easier than doing a forest-to-forest AD or Exchange migration.
Hope this helps.
<-=+=->
First question - are these two domains in separate forests?
My understanding of the links that you've been provided with:
1. You've got two domains and two separate forests on the same LAN
2. You're not integrating the Win2K3 server into the existing domain. So the petri.co.il link isn't going to help.
3. You're not integrating the Win2K3 server into the existing domain or forest, so you won't be able to transfer the FSMOs.
4. I'm not sure the step-by-step migration guide is going to help you either as you've got two different forests here.
If my first point, by the way, is incorrect, then the step-by-step link that Fatal_Exception gave you is going to probably be what you need. If my assumption is correct, however, here are my thoughts:
In essence, by having two different forests, etc. you've inadvertantly created the most difficult of all Exchange and Active Directory migrations: the Forest to Forest migration path. The possible exception to this is the Exchange 5.5 to Exchange 2003 upgrade. I've done both and here's my advice:
1. Upgrade the existing server to Windows 2003 and Exchange 2003.
2. Change the name of the domain to the new domain name.
3. Install the new server as a member of the existing domain, promote it and then install Exchange 2003 as a server in the existing forest/organization.
4. Use Active Directory Users & Computers to move all the mailboxes to the new server.
5. Set your DHCP lease duration to 1 hour
6. Wait 1 hour
7. Decomission the DHCP scope on the existing server
8. Set up the DHCP scope on the new server exactly the same way
9. Wait 1 hour
10. Increase the DHCP scope on the new server to 8 days
11. Make sure DNS is on both and replicating.
12. Remove Exchange from the existing server.
Trust me. This is *FAR* easier than doing a forest-to-forest AD or Exchange migration.
Hope this helps.
<-=+=->
ASKER
SplinterCell.
You are quite correct in what you've stated.
They will be 2 different domains, and will need to stay seperate, in actual fact, once we have a working AD and exchange server, on "domain 2" "domain 1" machines will then be ported over to "Domain 2" and "Domain 1" will be decomissioned.
Your instructions seem alot easier than the previous instructions, however i am unable to change the domain name of the existing server, as users will still be connecting to this, and using it, until they are ported across to the new "domain 2"
Basically, i want 2 servers with different domain names, running in unison with eachother. So that all "Domain 1" users can work as if nothing had changed, until they are ported across to the new "domain 2"
Details of servers are as follows.
"Domain 1"
Primary domain controller, Windows 2000 server, exchange 2003.
"Domain 2"
Primary domain controller, windows 2003 server, exchange 2003.
Thank you for all your help so far.!!
You are quite correct in what you've stated.
They will be 2 different domains, and will need to stay seperate, in actual fact, once we have a working AD and exchange server, on "domain 2" "domain 1" machines will then be ported over to "Domain 2" and "Domain 1" will be decomissioned.
Your instructions seem alot easier than the previous instructions, however i am unable to change the domain name of the existing server, as users will still be connecting to this, and using it, until they are ported across to the new "domain 2"
Basically, i want 2 servers with different domain names, running in unison with eachother. So that all "Domain 1" users can work as if nothing had changed, until they are ported across to the new "domain 2"
Details of servers are as follows.
"Domain 1"
Primary domain controller, Windows 2000 server, exchange 2003.
"Domain 2"
Primary domain controller, windows 2003 server, exchange 2003.
Thank you for all your help so far.!!
Kevin,
How many users do you have?
<-=+=->
How many users do you have?
<-=+=->
ASKER
SplinterCell
We have about 40 users.
We have about 40 users.
Kevin,
For 40 users, I really think that your best bet is to go with what I suggested before. With 40 users, you can do it on a weekend and have everyone up and running by Monday morning. Worst case, if you have to run around Monday morning, 40 users aren't going to be that time consuming.
Otherwise, migrate everything to the new server and THEN change the domain name. With Windows 2003, you can do this relatively easily according to Microsoft. It's one of the big new features in 2003. In all fairness though, I have to warn you that I have not personall done this.
Otherwise, you're looking at recreating all users in the new domain, manually moving all of the computers to the new domain, manually recreating all shares, manually recreating all groups and adding the appropriate users, manually assigning permissions to shares and folders, manually exporting mailboxes from existing Exchange server and manually importing them into the new Exchange server (although with ExMerge, it isn't all that bad).
From a time perspective, I think my original suggestion would be best. If you go the manual migration route, I'd recommend hiring a consultant who's done it before; right after, of course, you do a full tape backup of the existing server (including System State).
<-=+=->
For 40 users, I really think that your best bet is to go with what I suggested before. With 40 users, you can do it on a weekend and have everyone up and running by Monday morning. Worst case, if you have to run around Monday morning, 40 users aren't going to be that time consuming.
Otherwise, migrate everything to the new server and THEN change the domain name. With Windows 2003, you can do this relatively easily according to Microsoft. It's one of the big new features in 2003. In all fairness though, I have to warn you that I have not personall done this.
Otherwise, you're looking at recreating all users in the new domain, manually moving all of the computers to the new domain, manually recreating all shares, manually recreating all groups and adding the appropriate users, manually assigning permissions to shares and folders, manually exporting mailboxes from existing Exchange server and manually importing them into the new Exchange server (although with ExMerge, it isn't all that bad).
From a time perspective, I think my original suggestion would be best. If you go the manual migration route, I'd recommend hiring a consultant who's done it before; right after, of course, you do a full tape backup of the existing server (including System State).
<-=+=->
ASKER
SplinterCell.
Once again thanks for your help.
If i were to upgrade the existing server to 2003, and change the domain name to the new domain "domain 2"
All i would really need to do is update the existing users to the new domain name, as in essence nothing else has changed.
Im thinking that due to very limited resources i.e. Just Me, i may just keep the existing server as the domain controller and the exchange server, and change the domain name. Then use the new server which i have as an additional server, this can be used for many different things in house.
Do you have any info with regards to upgrading windows 2000 server to windows 2003, and changing the domain name.?
Once again thanks for your help.
Once again thanks for your help.
If i were to upgrade the existing server to 2003, and change the domain name to the new domain "domain 2"
All i would really need to do is update the existing users to the new domain name, as in essence nothing else has changed.
Im thinking that due to very limited resources i.e. Just Me, i may just keep the existing server as the domain controller and the exchange server, and change the domain name. Then use the new server which i have as an additional server, this can be used for many different things in house.
Do you have any info with regards to upgrading windows 2000 server to windows 2003, and changing the domain name.?
Once again thanks for your help.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Kevin,
As usual, Fatal_Exception's got good info. I followed the links and they look really good and will probably answer most of your questions. I really do think what you're proposing is the best route on this. If you run into specific difficulties, let us know.
Also, I'd highly recommend testing this first. One of the cheapest and easiest ways to set up a lab to test this sort of thing is to use Microsoft's Virtual PC and set up a virtual Windows Server as a DC and a virtual Windows XP box as a member of the domain. Test the domain name change on the virtual server and see what it does to the client. To really pull this off, you'll need a fairly beefy PC to run it all on because you'll want to designate at least 256MB of RAM to the server and 128MB of RAM to the XP Pro VPC.
Or, you can set up your additional server as a DC in your existing domain. Isolate it and sieze the FSMO roles using NTDSUtil so that way it's like it's the only DC. Take an XP box and join to its domain (again, make sure this network is totally isolated from your production network), change the name and see what it does.
Good luck! If you can get past the churning stomach and gut-wrenching fear, this can be a lot of fun! And whatever you do, don't dwell on the fact that your job is probably on the line. Both Fatal_Exception and I used to be network administrators before we messed up a migration like this. Now, he works the drive-thru and I make the french fries. :-)
<-=+=->
(I'm just giving you a hard time, of course. If you test it, you'll find that it's not that big of a deal. Just do a full tape backup, including your system state so you can recover if there's a problem. And I actually was serious that this sort of thing really is fun. Good luck and if you run into a problem, post here with your email address and I'll email you mine... I'll help you out however I can.)
As usual, Fatal_Exception's got good info. I followed the links and they look really good and will probably answer most of your questions. I really do think what you're proposing is the best route on this. If you run into specific difficulties, let us know.
Also, I'd highly recommend testing this first. One of the cheapest and easiest ways to set up a lab to test this sort of thing is to use Microsoft's Virtual PC and set up a virtual Windows Server as a DC and a virtual Windows XP box as a member of the domain. Test the domain name change on the virtual server and see what it does to the client. To really pull this off, you'll need a fairly beefy PC to run it all on because you'll want to designate at least 256MB of RAM to the server and 128MB of RAM to the XP Pro VPC.
Or, you can set up your additional server as a DC in your existing domain. Isolate it and sieze the FSMO roles using NTDSUtil so that way it's like it's the only DC. Take an XP box and join to its domain (again, make sure this network is totally isolated from your production network), change the name and see what it does.
Good luck! If you can get past the churning stomach and gut-wrenching fear, this can be a lot of fun! And whatever you do, don't dwell on the fact that your job is probably on the line. Both Fatal_Exception and I used to be network administrators before we messed up a migration like this. Now, he works the drive-thru and I make the french fries. :-)
<-=+=->
(I'm just giving you a hard time, of course. If you test it, you'll find that it's not that big of a deal. Just do a full tape backup, including your system state so you can recover if there's a problem. And I actually was serious that this sort of thing really is fun. Good luck and if you run into a problem, post here with your email address and I'll email you mine... I'll help you out however I can.)
Let me reiterate:
If you decide to go the route of using your extra server to create a test lab, MAKE SURE IT IS ISOLATED FROM YOUR PRODUCTION NETWORK. If you sieze FSMOs and change the name while it's on the production network, you'll find that you've made some pretty drastic changes to your production network. Now that I think about it, when you're testing with Virtual PCs, make sure that the computer you're testing on is also isolated.
<-=+=->
If you decide to go the route of using your extra server to create a test lab, MAKE SURE IT IS ISOLATED FROM YOUR PRODUCTION NETWORK. If you sieze FSMOs and change the name while it's on the production network, you'll find that you've made some pretty drastic changes to your production network. Now that I think about it, when you're testing with Virtual PCs, make sure that the computer you're testing on is also isolated.
<-=+=->
Excellent comments! you gotta love the 'drive thru'!
Maybe I should change my screen name to "French Fry Guy"?
<-=+=->
<-=+=->
*grin*
ASKER
OK, im going to leave the "domain 1" as it is, as ive found since starting this string that it is engrained more than i knew in the companys infrastructure.
So what im intending to do know is leavve "domain 1" alone, setup "domain 2" as i have done, and id like to get the dns pointing at eachother, so they are aware of eachother, then setup a trust between the 2 domains, so i can port over the user objects to the new domain. Then i will setup the mail profiles to look at the existing mail server. I will then turn off DHCp on the old Domain.
Does this sound A - Possible, B - Less time consuming.
As then i would have domain 1, which ran the exchange side of things and "domain 2" which is the domain controller, which i could administer.
The next question is, how do i setup the dns trusts between windows 2000 and windows 2003 servers.?
Thanks again for all your help.
So what im intending to do know is leavve "domain 1" alone, setup "domain 2" as i have done, and id like to get the dns pointing at eachother, so they are aware of eachother, then setup a trust between the 2 domains, so i can port over the user objects to the new domain. Then i will setup the mail profiles to look at the existing mail server. I will then turn off DHCp on the old Domain.
Does this sound A - Possible, B - Less time consuming.
As then i would have domain 1, which ran the exchange side of things and "domain 2" which is the domain controller, which i could administer.
The next question is, how do i setup the dns trusts between windows 2000 and windows 2003 servers.?
Thanks again for all your help.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I'd be interested in the points for this one.. quite a bit of effort on my part - for Fatal_Exception, as well, I might point ou.
<-=+=->
<-=+=->
:) thanks SC!
Setup the 2003 server to be a DC in the same domain. Then everything will be copied over. THEN, get rid of your old domain controller (you'll still have it as backup incase there's problems, at least for a while)
After you have only one (this would take like a day max) upgrade to 2003 native mode. After that, you can change the domain name.
Then you just have to install 2003 on the other domain controller and you have a complete 2003 domain wtih all your old accounts and no manual copying.
The only problem with this plan is you have to upgrade both to 2003. But if you want to be both 2000, you would be ok with them being on at the same time, just turn off DHCP. The problem is when you have two domains with the same name.... then they start going nuts.